NORMA eResearch @NCI Library

Quantitative security assessment of power-grid using Common Vulnerability Scoring System (CVSS) and attack traffic analysis

Mate, Vinayak (2022) Quantitative security assessment of power-grid using Common Vulnerability Scoring System (CVSS) and attack traffic analysis. Masters thesis, Dublin, National College of Ireland.

[thumbnail of Master of Science]
PDF (Master of Science)
Download (738kB) | Preview
[thumbnail of Configuration manual]
PDF (Configuration manual)
Download (652kB) | Preview


Systems that closely collaborate between computational, network, physical and many-a-times human components to perform their functional and operational tasks are called Cyber-Physical Systems (CPS). Power-grids form a core electricity infrastructure on a large geographical scale making it a critical national infrastructure. The close integration of components in power grids is based on Supervisory Control and Data Acquisition (SCADA) and Internet-of-Things (IoT) systems for smart process control and actions. Past few decades have shown the power grids targeted by bad actors to cripple national infrastructures. Some of the known reported attacks are on Ukrainian power system in 2015 and 2016, and the Stuxnet attack on SCADA systems of Iranian grid in 2005. These attacks have shown a requirement for developing a security assessment methodology for power grids infrastructures and its specific components.

While multiple security and threat assessment methodologies are available, Common Vulnerability Scoring System (CVSS) is a method that provides a quantitative assessment of the model making it easily actionable by the security teams. This study proposes to build a CVSS marking system for components of power grid and the impact an attack on a component can have on its CVSS score. First a CVSS model for a power grid system is proposed to form a base line score for the components. Then simulated attacks are performed on the component (Smart Meter) to evaluate the changes in its CVSS score. The updated score will more accurately represent the component’s status for the specific environment it is deployed in.

The experimental results show the CVSS score can be successfully customized to the environment based on the results achieved through simulated attack dataset analysis. Both the selected CVEs saw their CVSS score updated from 7.5 to 9.3 and 4.6, and from 8.8 to 8.8 and 4.8 respectively for the SYN flood and PortMap attack data analysed. This shows an improvement in the identification of vulnerability characteristics, its quantification and will help in prioritization of remediation activities.

Item Type: Thesis (Masters)
Uncontrolled Keywords: Cyber-physical systems (CPS); power-grid; Common Vulnerability Scoring System (CVSS); smart meters
Subjects: Q Science > QA Mathematics > Electronic computers. Computer science
T Technology > T Technology (General) > Information Technology > Electronic computers. Computer science
Q Science > QA Mathematics > Computer software > Computer Security
T Technology > T Technology (General) > Information Technology > Computer software > Computer Security
T Technology > TK Electrical engineering. Electronics. Nuclear engineering > Telecommunications > Computer networks > Internet of things
Divisions: School of Computing > Master of Science in Cyber Security
Depositing User: Tamara Malone
Date Deposited: 22 Dec 2022 11:34
Last Modified: 07 Mar 2023 14:40

Actions (login required)

View Item View Item